CryptXXX Ransomware Spreading Faster Than Ever Before


Malicious online activity is increasing globally: security researchers have found that trusted company websites are being hacked to deliver CryptXXX ransomware to unsuspecting visitors. The affected sites include high-traffic sites of leading organizations, for instance an employment company's website and a tourism site offering vacation packages, and it doesn't stop there: sites that most people rarely visit, such as those of a water supply company and a security firm, are also hosting CryptXXX. According to the latest research on CryptXXX, a botnet known as Real Statistics is probably running the CryptXXX campaign. The infected computers that make up such a zombie army search the internet for weaknesses and then compromise hosts to carry out the attacks. In this type of attack, the Real Statistics botnet implants a malicious script that makes hijacked web pages reroute their traffic to an unknown site hosting the notorious malware, which can be bought on dark web marketplaces.

Image Source: Proof Point – An updated lock screen now looks much simpler. Rebooting the computer gets rid of the lock screen but the user is able to read the ransom message notes left throughout the filesystem.

As soon as the visitor is rerouted to the website holding the malware that installs CryptXXX, the installer, in its final stages, checks whether the host machine is running software such as a virtual machine (e.g. Oracle VirtualBox or VMware), a traffic sniffer, any type of antivirus or malware scanner, or an outdated plugin such as Flash Player or software for debugging Flash Player. If no such applications are found on the target's machine, it opens the command shell along with the Windows tool Wscript to fetch the ransomware from a server hosting it. This isn't the first time the Real Statistics botnet has launched such a large-scale attack on computers. A few years back, a reputable security firm discovered that Real Statistics had compromised more than a hundred thousand websites built with WordPress, which led Google to blacklist more than ten thousand websites in less than 24 hours. Since that last detection, its developers have updated its script to avoid detection and help it spread faster. The ransomware has a number of versions, and its current activity suggests that the attackers are testing new variations to launch substantial attacks.
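The delivery step described above, a command shell and Wscript started during a browsing session, can be hunted for in process-creation telemetry. This is an added example, not code from the article or from Proofpoint; the event fields, the browser list, the assumption that the shell descends from the browser process, and the sample events are all constructed for illustration.

```python
import csv
import io

# Assumed process names; extend these sets for your own estate.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}
SHELLS = {"cmd.exe"}
SCRIPT_HOSTS = {"wscript.exe"}

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = r"""pid,ppid,image,cmdline
100,1,explorer.exe,explorer.exe
200,100,iexplore.exe,iexplore.exe http://news.example/
300,200,cmd.exe,cmd.exe /c wscript.exe //B C:\Users\a\AppData\Local\Temp\x.js
310,300,wscript.exe,wscript.exe //B C:\Users\a\AppData\Local\Temp\x.js
400,100,cmd.exe,cmd.exe
410,400,wscript.exe,wscript.exe C:\scripts\logon.vbs
"""

def load_events(text):
    """Parse CSV process events and index them by pid."""
    return {int(r["pid"]): r for r in csv.DictReader(io.StringIO(text))}

def ancestry(events, pid, limit=16):
    """Image names from the process up to the root; guards against pid loops."""
    chain, seen = [], set()
    while pid in events and pid not in seen and len(chain) < limit:
        seen.add(pid)
        chain.append(events[pid]["image"].lower())
        pid = int(events[pid]["ppid"])
    return chain

def suspicious_script_hosts(events):
    """Flag wscript.exe started by cmd.exe that itself descends from a browser."""
    hits = []
    for pid, ev in sorted(events.items()):
        chain = ancestry(events, pid)
        if (len(chain) >= 3 and chain[0] in SCRIPT_HOSTS
                and chain[1] in SHELLS
                and any(img in BROWSERS for img in chain[2:])):
            hits.append((pid, " <- ".join(chain), ev["cmdline"]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_script_hosts(load_events(SAMPLE_EVENTS)):
        print(hit)
```

The administrator-launched logon script (pid 410) has the same cmd.exe and wscript.exe pair but no browser ancestor, so it is not flagged.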

Image Source: Proof Point – Home page of the payment portal hosted on an onion site, before the user enters their Identification Code.

According to Proofpoint, an online security firm, CryptXXX has spread swiftly since its discovery in the early months of 2016. The ransomware was first associated with the people who programmed Angler, another exploit kit and a program similar to Real Statistics and the Soak Soak botnet. However, as the Angler exploit kit was soon detachable, many hackers turned to other exploit kits, including the one mentioned above, and it doesn't stop there: hackers are also sending it via email.

HOW TO PROTECT YOURSELF FROM CRYPTXXX

Image Source: Proof Point – After entering their Identification Code, the user is allowed into the portal and has the option to pay in order to download the Ultra De Crypter.

To defend your PC from this ransomware, it is recommended to have an antivirus with real-time protection running at all times, and it is good practice to keep all your documents backed up, either on cloud services or on physical drives. For added security, we recommend using HitmanPro.Alert and CryptoPrevent.

Source: Proof Point, Ars Technica




This Article (CryptXXX Ransomware Spreading Faster Than Ever Before ) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.


1 COMMENT

  1. Now this is exactly what Anonymous should be dealing with. If you guys cannot find the perpetrators and hack the shit out of them to stop this criminal behavior, then who can? Time for you guys to stand up for decent folk too! Get Tracking, Get Hacking and send them packing
